ipsec ike1 hybrid-rsa xauth failed #4438

[gratuxri]

Hello, my issue on https://github.com/opnsense/core/issues/4438 was marked as support, I try here now:
I have followed howto at https://docs.opnsense.org/manual/how-tos/ipsec-road.html and https://docs.opnsense.org/manual/how-tos/ipsec-rw-srv-ikev1xauth.html as a result working ipsec ike1 hybrid-rsa xauth, but without working xauth authentication.
Here are some logs with replaced ${USER}, ${FQDN}
2020-11-02T00:25:07 | charon[38591] | 15[IKE] <con1|3> XAuth authentication of '${USER}' failed
2020-11-02T00:25:07 | charon[38591] | 15[IKE] <con1|3> no XAuth secret found for '${FQDN}' - '${USER}'

After adding to /usr/local/etc/ipsec.secrets.opnsense.d/user.secrets lines like
[ <servername> ] <username> : XAUTH "<password>"
It works correctly.

Any ideas on which place it's going wrong?

[mimugmail]

The compatability matrix doesnt list any supported client, so it's not verified to work. Why so you not choose anything more compatible?

[gratuxri]

I choose this setup, because every android phone support this without extra software + no rollout for certificates is needed and you can use just letencrypt certificate. This 3 arguments is very important for me. And yes, I know, that it's not very secure, but it's just handy.